General
Target: New PO.exe
Size: 330KB
Sample: 211125-jlz5hseefk
MD5: 1d1c4222bbcebb1a21feae9dff98f352
SHA1: f9033c51c24e419788814d35ec3a0aac6994c0e1
SHA256: 785c9462087ec5a3a5ab70f2c6a1c0b14c872c4cb79d5b9e5f734e83bf2c775b
SHA512: 70d1046a043a52ca954c393bb0504470778b95533f3f08cdb702346c10db29f50107b7189d5929d75448c822d63cb502a3352382708a9a4709b3fa12b6ac8437
Static task: static1
Behavioral task: behavioral1
Sample: New PO.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: New PO.exe
Resource: win10-en-20211104
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.keysiqht.com
Port: 587
Username: anna_deng@keysiqht.com
Password: Cair0j0e
https://api.telegram.org/bot2117364747:AAFeHN5f_ugt1Q3HJuvL_qsM-dbw2nk2poc/sendMessage?chat_id=1996621743
Targets
Target: New PO.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.